Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-27 | CVE-2023-28012 | Command Injection vulnerability in Hcltech Bigfix Mobile 3.0 HCL BigFix Mobile is vulnerable to a command injection attack. | 8.8 |
| 2023-07-26 | CVE-2023-28130 | Command Injection vulnerability in Checkpoint Gaia Portal Local user may lead to privilege escalation using Gaia Portal hostnames page. | 7.2 |
| 2023-07-14 | CVE-2023-37794 | Command Injection vulnerability in Wayos Fbm-291W Firmware 19.09.11V WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp. | 9.8 |
| 2023-07-14 | CVE-2023-38336 | Command Injection vulnerability in Netkit 0.1724 netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778. | 9.8 |
| 2023-07-14 | CVE-2023-38286 | Command Injection vulnerability in multiple products Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. | 7.5 |
| 2023-07-13 | CVE-2023-37566 | Command Injection vulnerability in Elecom Wrc-1167Febk-A Firmware and Wrc-1167Ghbk3-A Firmware Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. | 8.0 |
| 2023-07-13 | CVE-2023-37567 | Command Injection vulnerability in Elecom Wrc-1167Ghbk3-A Firmware Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. | 9.8 |
| 2023-07-13 | CVE-2023-37568 | Command Injection vulnerability in Elecom Wrc-1167Gebk-S Firmware and Wrc-1167Ghbk-S Firmware ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. | 8.0 |
| 2023-07-11 | CVE-2023-36750 | Command Injection vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 7.2 |
| 2023-07-11 | CVE-2023-36751 | Command Injection vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). | 7.2 |